python310

rpm/python310

SHA256

Fork 0

forked from pool/python310

efa8febd12 Accepting request 1197437 from devel:languages:python:Factory factory Dominique Leuenberger 2024-08-30 11:29:22 +00:00
59c649b520 Update patch devel Matej Cepl 2024-08-29 12:14:10 +00:00
8a73c83002 - Add CVE-2024-8088-inf-loop-zipfile_Path.patch to prevent malformed payload to cause infinite loops in zipfile.Path (bsc#1229704, CVE-2024-8088). Matej Cepl 2024-08-29 12:04:00 +00:00
db9a09b8c2 Accepting request 1192675 from devel:languages:python:Factory Dominique Leuenberger 2024-08-10 17:06:06 +00:00
1716dfe088 - Adding bso1227999-reproducible-builds.patch fixing bsc#1227999 adding reproducibility patches from gh#python/cpython!121872 and gh#python/cpython!121883. Matej Cepl 2024-08-07 20:30:36 +00:00
e761be5380 - Add CVE-2024-6923-email-hdr-inject.patch to prevent email header injection due to unquoted newlines (bsc#1228780, CVE-2024-6923). - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999) - Update bluez-devel-vendor.tar.xz Matej Cepl 2024-08-07 15:06:12 +00:00
47f6e77cdd Accepting request 1189131 from devel:languages:python:Factory Dominique Leuenberger 2024-07-24 13:33:10 +00:00
8a3ae3ab7b - Remove %suse_update_desktop_file macro as it is not useful any more. Matej Cepl 2024-07-22 21:25:49 +00:00
c2077eafb7 - Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378). Matej Cepl 2024-07-15 12:15:29 +00:00
3d3eac0a3e Accepting request 1185398 from devel:languages:python:Factory Ana Guerrero 2024-07-05 17:45:12 +00:00
f4d7952bf7 - Update F00251-change-user-install-location.patch to make pip and modern tools install directly in /usr/local when used by the user. bsc#1225660 Matej Cepl 2024-07-04 13:17:05 +00:00
9fdf5d0b2c Accepting request 1183503 from devel:languages:python:Factory Ana Guerrero 2024-06-29 13:16:42 +00:00
b062a97a85 - Add CVE-2024-4032-private-IP-addrs.patch to fix bsc#1226448 (CVE-2024-4032) rearranging definition of private v global IP addresses. Matej Cepl 2024-06-25 22:17:11 +00:00
346624a8d5 Accepting request 1182484 from devel:languages:python:Factory Ana Guerrero 2024-06-24 18:50:16 +00:00
50f46d2e31 across multiple threads (bsc#1226447, CVE-2024-0397) Matej Cepl 2024-06-21 13:27:20 +00:00
1f90dc5291 - Remove old-libexpat.patch, of course. Matej Cepl 2024-06-21 09:50:19 +00:00
31dd9389f8 - Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with patched libexpat below 2.6.0 that doesn't update the version number, just in SLE. Matej Cepl 2024-06-21 09:49:34 +00:00
78324fb6c5 Redownload sources Matej Cepl 2024-04-18 15:36:23 +00:00
ccf2930393 Accepting request 1161074 from devel:languages:python:Factory Ana Guerrero 2024-03-26 18:24:42 +00:00
46b4064b47 - Add old-libexpat.patch making the test suite work with libexpat < 2.6.0 (gh#python/cpython#117187). Matej Cepl 2024-03-24 01:15:19 +00:00
949104af99 - Because of bsc#1189495 we have to revert use of %autopatch. Matej Cepl 2024-03-22 21:18:18 +00:00
17f54b09e3 Fix *.changes Matej Cepl 2024-03-22 09:01:33 +00:00
f508bcd9bd Fix *.changes Matej Cepl 2024-03-21 20:16:09 +00:00
78ff6e46e1 - libexpat260.patch Matej Cepl 2024-03-21 18:48:55 +00:00
c9951abf64 Fix *.changes Matej Cepl 2024-03-21 16:46:39 +00:00
041ff70f73 - Update 3.10.14: - gh-115399 & gh-115398: bundled libexpat was updated to 2.6.0 to address CVE-2023-52425, and control of the new reparse deferral functionality was exposed with new APIs - gh-109858: zipfile is now protected from the “quoted-overlap” zipbomb to address CVE-2024-0450. It now raises BadZipFile when attempting to read an entry that overlaps with another entry or central directory - gh-91133: tempfile.TemporaryDirectory cleanup no longer dereferences symlinks when working around file system permission errors to address CVE-2023-6597 - gh-115197: urllib.request no longer resolves the hostname before checking it against the system’s proxy bypass list on macOS and Windows - gh-81194: a crash in socket.if_indextoname() with a specific value (UINT_MAX) was fixed. Relatedly, an integer overflow in socket.if_indextoname() on 64-bit non-Windows platforms was fixed - gh-113659: .pth files with names starting with a dot or containing the hidden file attribute are now skipped - gh-102388: iso2022_jp_3 and iso2022_jp_2004 codecs no longer read out of bounds - gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads - Remove upstreamed patches: - CVE-2023-6597-TempDir-cleaning-symlink.patch - Port to %autosetup and %autopatch. Matej Cepl 2024-03-21 16:45:30 +00:00
a358b6b1ec Accepting request 1157645 from devel:languages:python:Factory Ana Guerrero 2024-03-14 16:42:36 +00:00
9d2100328b Accepting request 1155683 from home:pmonrealgonzalez:branches:devel:languages:python:Factory Matej Cepl 2024-03-06 21:50:46 +00:00
fb64581e60 Accepting request 1153061 from devel:languages:python:Factory Dominique Leuenberger 2024-03-01 22:34:08 +00:00
9713a81b12 Fix the patch Matej Cepl 2024-02-29 01:27:25 +00:00
ec6474e9bc - (bsc#1219666, CVE-2023-6597) Add CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from gh#python/cpython!99930) fixing symlink bug in cleanup of tempfile.TemporaryDirectory. Matej Cepl 2024-02-28 23:32:27 +00:00
f660687d3f Accepting request 1152786 from devel:languages:python:Factory Ana Guerrero 2024-02-28 18:44:32 +00:00
3711a039e6 - Remove double definition of /usr/bin/idle%%{version} in %%files. Matej Cepl 2024-02-20 22:16:34 +00:00
f2acc64a8c Accepting request 1146869 from devel:languages:python:Factory Ana Guerrero 2024-02-15 19:59:20 +00:00
951fa01e4b Accepting request 1146817 from home:dgarcia:branches:devel:languages:python:Factory Matej Cepl 2024-02-15 14:36:25 +00:00
9168347d4a - Refresh CVE-2023-27043-email-parsing-errors.patch to gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043). - Thus we can remove Revert-gh105127-left-tests.patch, which is now useless. Matej Cepl 2024-02-12 13:18:00 +00:00
83a7da7040 Accepting request 1110597 from devel:languages:python:Factory Ana Guerrero 2023-09-12 19:02:42 +00:00
dc236e4d07 - Link to CVE-2023-40217 bug report in changelog, bsc#1214692 Daniel Garcia 2023-09-05 11:37:11 +00:00
044091027d Accepting request 1108911 from devel:languages:python:Factory Ana Guerrero 2023-09-04 20:52:31 +00:00
310cd89462 Accepting request 1108888 from home:dgarcia:branches:devel:languages:python:Factory Dirk Mueller 2023-09-04 15:07:39 +00:00
9708415de3 Accepting request 1102193 from devel:languages:python:Factory Dominique Leuenberger 2023-08-06 14:29:12 +00:00
4a7871d409 - Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) partially reverting CVE-2023-27043-email-parsing-errors.patch, because of the regression in gh#python/cpython#106669. Matej Cepl 2023-08-03 14:14:37 +00:00
0d124ed5f4 Accepting request 1099501 from devel:languages:python:Factory Ana Guerrero 2023-07-24 16:12:32 +00:00
32717ebf00 - Add gh-78214-marshal_stabilize_FLAG_REF.patch to marshal.c for stabilizing FLAG_REF usage (required for reproduceability; bsc#1213463). Matej Cepl 2023-07-19 11:19:26 +00:00
3c34744813 Accepting request 1098690 from devel:languages:python:Factory Matej Cepl 2023-07-14 14:06:10 +00:00
18f6b99d17 - (bsc#1210638, CVE-2023-27043) Add CVE-2023-27043-email-parsing-errors.patch, which detects email address parsing errors and returns empty tuple to indicate the parsing error (old API). Matej Cepl 2023-07-12 10:49:44 +00:00
7870b5cb09 Accepting request 1095863 from devel:languages:python:Factory Dominique Leuenberger 2023-06-30 17:58:24 +00:00
4c4727d238 Fix changes Matej Cepl 2023-06-28 19:10:39 +00:00
24b222e77c - CVE-2023-24329-blank-URL-bypass.patch Matej Cepl 2023-06-28 17:58:17 +00:00
402f3ae924 - Update to 3.10.12: - gh-103142: The version of OpenSSL used in Windows and Mac installers has been upgraded to 1.1.1u to address CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464, as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 fixed previously in 1.1.1t (gh-101727). - gh-102153: urllib.parse.urlsplit() now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to CVE-2023-24329. - gh-99889: Fixed a security in flaw in uu.decode() that could allow for directory traversal based on the input if no out_file was specified. - gh-104049: Do not expose the local on-disk location in directory indexes produced by http.client.SimpleHTTPRequestHandler. - gh-103935: trace.__main__ now uses io.open_code() for files to be executed instead of raw open(). - gh-102953: The extraction methods in tarfile, and shutil.unpack_archive(), have a new filter argument that allows limiting tar features than may be surprising or dangerous, such as creating files outside the destination directory. See Extraction filters for details. - Remove upstreamed patches: - CVE-2007-4559-filter-tarfile_extractall.patch Matej Cepl 2023-06-28 17:56:56 +00:00
d26ce719ad Accepting request 1094243 from devel:languages:python:Factory Dominique Leuenberger 2023-06-22 21:24:50 +00:00
895080bf5f Add missing import Matej Cepl 2023-06-20 22:19:48 +00:00
f21150c420 - Add bpo-37596-make-set-marshalling.patch making marshalling of set and frozenset deterministic (bsc#1211765). Matej Cepl 2023-06-20 21:41:03 +00:00
55e2bbd4e9 Remove nonsensical commit message. Matej Cepl 2023-06-05 13:02:45 +00:00
65206a5cff Accepting request 1086101 from devel:languages:python:Factory Dominique Leuenberger 2023-05-30 20:01:58 +00:00
54a90c01cb Adjust CVE-2007-4559-filter-tarfile_extractall.patch. Matej Cepl 2023-05-03 14:07:47 +00:00
1ab2e0976b Why in the world we download from HTTP? Matej Cepl 2023-04-30 18:19:12 +00:00
6a2f407ebc We can always chmod Matej Cepl 2023-04-27 23:43:26 +00:00
d6d4479296 There is no wasi in 3.10 Matej Cepl 2023-04-27 22:49:00 +00:00
e8a35797e6 - Update to 3.10.11: - Core and Builtins - gh-102416: Do not memoize incorrectly automatically generated loop rules in the parser. Patch by Pablo Galindo. - gh-102356: Fix a bug that caused a crash when deallocating deeply nested filter objects. Patch by Marta Gómez Macías. - gh-102397: Fix segfault from race condition in signal handling during garbage collection. Patch by Kumar Aditya. - gh-102126: Fix deadlock at shutdown when clearing thread states if any finalizer tries to acquire the runtime head lock. Patch by Kumar Aditya. - gh-102027: Fix SSE2 and SSE3 detection in _blake2 internal module. Patch by Max Bachmann. - gh-101967: Fix possible segfault in positional_only_passed_as_keyword function, when new list created. - gh-101765: Fix SystemError / segmentation fault in iter __reduce__ when internal access of builtins.__dict__ keys mutates the iter object. - Library - gh-102947: Improve traceback when dataclasses.fields() is called on a non-dataclass. Patch by Alex Waygood - gh-101979: Fix a bug where parentheses in the metavar argument to argparse.ArgumentParser.add_argument() were dropped. Patch by Yeojin Kim. - gh-102179: Fix os.dup2() error message for negative fds. - gh-101961: For the binary mode, fileinput.hookcompressed() doesn’t set the encoding value even if the value is None. Patch by Gihwan Kim. - gh-101936: The default value of fp becomes io.BytesIO Matej Cepl 2023-04-27 21:53:08 +00:00
0a6bd2edcb - Add CVE-2007-4559-filter-tarfile_extractall.patch to fix CVE-2007-4559 (bsc#1203750) by adding the filter for tarfile.extractall (PEP 706). Matej Cepl 2023-04-27 21:21:50 +00:00
f5edaf893f Revert Matej Cepl 2023-03-27 15:08:59 +00:00
ff2aadd3f5 - Switch off obsoleting previous interpreters. Matej Cepl 2023-03-27 15:00:17 +00:00
c64e33ed3e Accepting request 1071070 from devel:languages:python:Factory Dominique Leuenberger 2023-03-15 17:52:49 +00:00
f698aaf4d9 Somebody has not enough to do. Matej Cepl 2023-03-13 08:40:16 +00:00
e4ffe4ce0f - Add invalid-json.patch fixing invalid JSON in Doc/howto/logging-cookbook.rst (somehow similar to gh#python/cpython#102582). Matej Cepl 2023-03-10 14:39:59 +00:00
a67ddc0ae1 Accepting request 1068979 from devel:languages:python:Factory Dominique Leuenberger 2023-03-05 19:07:48 +00:00
0c5704949d Take care of _testclinic binary module. Matej Cepl 2023-03-02 15:23:34 +00:00
602adbc016 - Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329, bsc#1208471) blocklists bypass via the urllib.parse component when supplying a URL that starts with blank characters Matej Cepl 2023-03-01 21:21:46 +00:00
a60c90b1d7 - Update to 3.10.10: Bug fixes and regressions handling, no change of behaviour and no security bugs fixed. Matej Cepl 2023-03-01 21:10:15 +00:00
55a026e97b Accepting request 1066987 from devel:languages:python:Factory Dominique Leuenberger 2023-02-22 14:21:08 +00:00
0269832509 Fix SPEC file Matej Cepl 2023-02-21 11:42:46 +00:00
b88ed8b5bd - Add provides for readline and sqlite3 to the main Python package. Matej Cepl 2023-02-21 11:35:05 +00:00
eb1e8bd53a Accepting request 1061591 from devel:languages:python:Factory Dominique Leuenberger 2023-01-29 13:10:05 +00:00
a2b5c7c23b Accepting request 1061584 from home:kukuk:branches:devel:languages:python:Factory Matej Cepl 2023-01-27 16:14:56 +00:00
438d63cfde Accepting request 1041730 from devel:languages:python:Factory Dominique Leuenberger 2022-12-12 17:59:10 +00:00
7757e5a6dc - Update to 3.10.9: - python -m http.server no longer allows terminal control characters sent within a garbage request to be printed to the stderr server lo This is done by changing the http.server BaseHTTPRequestHandler .log_message method to replace control characters with a \xHH hex escape before printin - Avoid publishing list of active per-interpreter audit hooks via the gc module - The IDNA codec decoder used on DNS hostnames by socket or asyncio related name resolution functions no longer involves a quadratic algorithm. This prevents a potential CPU denial of service if an out-of-spec excessive length hostname involving bidirectional characters were decoded. Some protocols such as urllib http 3xx redirects potentially allow for an attacker to supply such a name. - Update bundled libexpat to 2.5.0 - Port XKCP’s fix for the buffer overflows in SHA-3 (CVE-2022-37454). - On Linux the multiprocessing module returns to using filesystem backed unix domain sockets for communication with the forkserver process instead of the Linux abstract socket namespace. Only code that chooses to use the “forkserver” start method is affected Abstract sockets have no permissions and could allow any user on the system in the same network namespace (often the whole system) to inject code into the multiprocessing forkserver process. This was a potential privilege escalation. Filesystem based socket permissions restrict this to the forkserver process user as was the default in Matej Cepl 2022-12-08 14:49:07 +00:00
d498aa5eb1 Accepting request 1034962 from devel:languages:python:Factory Dominique Leuenberger 2022-11-12 16:39:52 +00:00
00fe94daed - Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding extremely long domain names. Matej Cepl 2022-11-09 18:33:25 +00:00
992e439ab9 Accepting request 1033570 from devel:languages:python:Factory Dominique Leuenberger 2022-11-05 13:46:32 +00:00
7c8b7412f2 - Add CVE-2022-42919-loc-priv-mulitproc-forksrv.patch to avoid CVE-2022-42919 (bsc#1204886) avoiding Linux specific local privilege escalation via the multiprocessing forkserver start method. Matej Cepl 2022-11-04 14:58:28 +00:00
b954ccba31 Accepting request 1031406 from devel:languages:python:Factory Dominique Leuenberger 2022-10-28 17:28:30 +00:00
87c3616141 Accepting request 1031400 from home:mcepl:branches:devel:languages:python:Factory Matej Cepl 2022-10-26 21:24:55 +00:00
9ffbba32c9 - Update to 3.10.8: - Fix multiplying a list by an integer (list *= int): detect the integer overflow when the new allocated length is close to the maximum size. - Fix a shell code injection vulnerability in the get-remote-certificate.py example script. The script no longer uses a shell to run openssl commands. (originally filed as CVE-2022-37460, later withdrawn) - Fix command line parsing: reject -X int_max_str_digits option with no value (invalid) when the PYTHONINTMAXSTRDIGITS environment variable is set to a valid limit. - When ValueError is raised if an integer is larger than the limit, mention the sys.set_int_max_str_digits() function in the error message. - The deprecated mailcap module now refuses to inject unsafe text (filenames, MIME types, parameters) into shell commands. Instead of using such text, it will warn and act as if a match was not found (or for test commands, as if the test failed). - os.sched_yield() now release the GIL while calling sched_yield(2). - Bugfix: PyFunction_GetAnnotations() should return a borrowed reference. It was returning a new reference. - Fixed a missing incref/decref pair in Exception.__setstate__(). - Fix overly-broad source position information for chained comparisons used as branching conditions. - Fix undefined behaviour in _testcapimodule.c. - At Python exit, sometimes a thread holding the GIL can wait forever for a thread (usually a daemon thread) which Matej Cepl 2022-10-19 07:46:21 +00:00
cb4bb1e48d Accepting request 1004684 from devel:languages:python:Factory Dominique Leuenberger 2022-09-21 12:38:55 +00:00
01ff931ee1 Accepting request 1004493 from openSUSE:Factory:RISCV Matej Cepl 2022-09-19 11:20:10 +00:00
f7ce61916b Accepting request 1002508 from devel:languages:python:Factory Dominique Leuenberger 2022-09-17 18:08:07 +00:00
0dca4d95d4 Accepting request 991870 from home:coolo:branches:devel:languages:python:Factory Matej Cepl 2022-09-11 08:43:05 +00:00
8e56b3482c - Update to 3.10.7: - Fix for CVE-2020-10735 (bsc#1203125) Converting between int and str in bases other than 2 (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now raises a ValueError if the number of digits in string form is above a limit to avoid potential denial of service attacks due to the algorithmic complexity. - Other bug fixes: - Fixed a bug that caused _PyCode_GetExtra to return garbage for negative indexes. - Fix format string in _PyPegen_raise_error_known_location that can lead to memory corruption on some 64bit systems. The function was building a tuple with i (int) instead of n (Py_ssize_t) for Py_ssize_t arguments. - Fix misleading contents of error message when converting an all-whitespace string to float. - coroutine.throw() now properly initializes the frame.f_back when resuming a stack of coroutines. This allows e.g. traceback.print_stack() to work correctly when an exception (such as CancelledError) is thrown into a coroutine. - ast.parse() will no longer parse function definitions with positional-only params when passed feature_version less than (3, 8). - Correct conversion of numbers.Rational’s to float. - Fix a performance regression in logging TimedRotatingFileHandler. Only check for special files when the rollover time has passed. - Fix unused localName parameter in the Attr class in xml.dom.minidom. - Update bundled pip to 22.2.2. Matej Cepl 2022-09-11 08:41:57 +00:00
2efb08548d Accepting request 1000538 from devel:languages:python:Factory Dominique Leuenberger 2022-09-01 20:10:16 +00:00
04cd0e8ee2 Add bug and cve references Steve Kowalik 2022-09-01 03:44:32 +00:00
f2d823559c Accepting request 998410 from devel:languages:python:Factory Dominique Leuenberger 2022-08-22 09:04:39 +00:00
9797d7c86c Accepting request 997520 from home:dirkmueller:Factory Matej Cepl 2022-08-20 21:29:40 +00:00
a218f8546a Accepting request 992411 from devel:languages:python:Factory Dominique Leuenberger 2022-08-10 15:12:20 +00:00
a525b95311 - Reapply patches - bpo-31046_ensurepip_honours_prefix.patch - fix_configure_rst.patch - no-skipif-doctests.patch - skip-test_pyobject_freed_is_freed.patch Matej Cepl 2022-08-02 21:52:43 +00:00
204d863a88 - Update to 3.10.6: - gh-87389: http.server: Fix an open redirection vulnerability in the HTTP server when an URI path starts with //. Vulnerability discovered, and initial fix proposed, by Hamza Avvan. - gh-92888: Fix memoryview use after free when accessing the backing buffer in certain cases. - gh-95355: _PyPegen_Parser_New now properly detects token memory allocation errors. Patch by Honglin Zhu. - gh-94938: Fix error detection in some builtin functions when keyword argument name is an instance of a str subclass with overloaded __eq__ and __hash__. Previously it could cause SystemError or other undesired behavior. - gh-94949: ast.parse() will no longer parse parenthesized context managers when passed feature_version less than (3, 9). Patch by Shantanu Jain. - gh-94947: ast.parse() will no longer parse assignment expressions when passed feature_version less than (3, 8). Patch by Shantanu Jain. - gh-94869: Fix the column offsets for some expressions in multi-line f-strings ast nodes. Patch by Pablo Galindo. - gh-91153: Fix an issue where a bytearray item assignment could crash if it’s resized by the new value’s __index__() method. - gh-94329: Compile and run code with unpacking of extremely large sequences (1000s of elements). Such code failed to compile. It now compiles and runs correctly. - gh-94360: Fixed a tokenizer crash when reading encoded files with syntax errors from stdin with non utf-8 encoded text. Patch by Pablo Galindo Matej Cepl 2022-08-02 17:22:32 +00:00
d69db434ab Accepting request 990684 from devel:languages:python:Factory Richard Brown 2022-07-29 14:46:58 +00:00
d852af53f4 Restore %primary_interpreter Matej Cepl 2022-07-21 15:15:23 +00:00
318a36b4de - Switch from %primary_interpreter to prjconf-defined %primary_python (gh#openSUSE/python-rpm-macros#127). Matej Cepl 2022-07-21 14:25:07 +00:00
d12236cfd4 Accepting request 983936 from devel:languages:python:Factory Dominique Leuenberger 2022-06-23 08:22:00 +00:00

Commit Graph Select branches Hide Pull Requests devel factory Mono Color

Commit Graph

Select branches

Hide Pull Requests

devel

factory